blumeops

History

Erich Blume be30668eef Automate Prowler MANUAL finding verification (#335 ) ## Summary - Adds automated node-level verification to `review-compliance-reports`: kubelet file perms/ownership, kubelet config args, etcd CA separation, RBAC cluster-admin bindings - Mutes the 14 MANUAL Prowler findings via new `manual-node-checks.yaml` mutelist file - New `node-config-automated-verification` compensating control documents the approach - Script fails loudly (red FAIL + verdict panel) if any check deviates from expected values ## Test plan - [x] `mise run review-compliance-reports` — all 12 node checks PASS - [x] Injected bad expected value (perms 400 vs actual 600) — FAIL rendered correctly - [x] Fixed colon-in-binding-name bug (kubeadm:cluster-admins) with tab-separated jsonpath - [ ] After merge: sync prowler mutelist ConfigMap and verify next scan shows 0 MANUAL findings ## Note Prowler coverage is minikube-indri only — ringtail/k3s is a known gap tracked separately. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: #335		2026-04-14 13:00:44 -07:00
..
changelog.d	Automate Prowler MANUAL finding verification (#335 )	2026-04-14 13:00:44 -07:00
explanation	Migrate 1Password Connect from Helm to kustomize (1.8.1 → 1.8.2) (#326 )	2026-04-06 07:31:40 -07:00
how-to	Document uv.lock as the source of devpi dependency in Dagger builds	2026-04-14 07:41:45 -07:00
reference	Document DR rebuild procedure and update restart-indri	2026-04-13 18:07:54 -07:00
tutorials	Review adding-a-service tutorial: fix ingress, repoURL, add kustomize and reference card steps	2026-04-08 11:28:46 -07:00
index.md	Fix spider trap: disable SPA mode, remove index files, relax wiki-links (#290 )	2026-03-09 11:59:43 -07:00
quartz.config.ts	Fix spider trap: disable SPA mode, remove index files, relax wiki-links (#290 )	2026-03-09 11:59:43 -07:00
quartz.layout.ts	Expose Forgejo publicly at forge.eblu.me (#278 )	2026-03-03 08:40:41 -08:00